UNPKG

@softvisio/core

Version:

Softisio core

softvisio-node.github.io/core/

softvisio-node/core

298 lines (241 loc) • 8.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
import constants from "#lib/app/constants"; import sql from "#lib/sql"; export default sql` CREATE EXTENSION IF NOT EXISTS softvisio_types; CREATE SEQUENCE acl_type_id_seq AS int8 MAXVALUE ${ Number.MAX_SAFE_INTEGER }; CREATE TABLE acl_type ( id int53 PRIMARY KEY DEFAULT nextval( 'acl_type_id_seq' ), type text NOT NULL UNIQUE, enabled boolean NOT NULL DEFAULT TRUE ); ALTER SEQUENCE acl_type_id_seq OWNED BY acl_type.id; CREATE SEQUENCE acl_role_id_seq AS int8 MAXVALUE ${ Number.MAX_SAFE_INTEGER }; CREATE TABLE acl_role ( id int53 PRIMARY KEY DEFAULT nextval( 'acl_role_id_seq' ), acl_type_id int53 NOT NULL REFERENCES acl_type ( id ) ON DELETE CASCADE, role text NOT NULL, enabled boolean NOT NULL DEFAULT TRUE, UNIQUE ( acl_type_id, role ) ); ALTER SEQUENCE acl_role_id_seq OWNED BY acl_role.id; CREATE TABLE acl_permission ( acl_role_id int53 NOT NULL REFERENCES acl_role ( id ) ON DELETE CASCADE, permission text NOT NULL, PRIMARY KEY ( acl_role_id, permission ) ); CREATE SEQUENCE acl_id_seq AS int8 MAXVALUE ${ Number.MAX_SAFE_INTEGER }; CREATE TABLE acl ( id int53 PRIMARY KEY DEFAULT nextval( 'acl_id_seq' ), acl_type_id int53 NOT NULL REFERENCES acl_type ( id ) ON DELETE RESTRICT ); ALTER SEQUENCE acl_id_seq OWNED BY acl.id; CREATE TABLE acl_user ( acl_id int53 NOT NULL REFERENCES acl ( id ) ON DELETE CASCADE, user_id int53 NOT NULL REFERENCES "user" ( id ) ON DELETE CASCADE, created timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP, enabled boolean NOT NULL DEFAULT TRUE, PRIMARY KEY ( acl_id, user_id ) ); CREATE TABLE acl_user_role ( acl_id int53 NOT NULL, user_id int53 NOT NULL, acl_role_id int53 NOT NULL REFERENCES acl_role ( id ) ON DELETE CASCADE, PRIMARY KEY ( acl_id,user_id, acl_role_id ), FOREIGN KEY ( acl_id, user_id ) REFERENCES acl_user ( acl_id, user_id ) ON DELETE CASCADE ); CREATE FUNCTION create_acl ( _acl_type text ) RETURNS int53 AS $$ BEGIN RETURN create_acl( ( SELECT id FROM acl_type WHERE type = _acl_type ) ); END; $$ LANGUAGE plpgsql; CREATE FUNCTION create_acl ( _acl_type_id int53 ) RETURNS int53 AS $$ DECLARE _id int53; BEGIN INSERT INTO acl ( acl_type_id ) VALUES ( _acl_type_id ) RETURNING id INTO _id; RETURN _id; END; $$ LANGUAGE plpgsql; CREATE FUNCTION get_acl_users ( _acl_id int53 ) RETURNS json AS $$ BEGIN RETURN ( SELECT json_agg( acl_user.user_id ) FROM acl_user WHERE acl_user.acl_id = _acl_id AND acl_user.enabled ); END; $$ LANGUAGE plpgsql; CREATE FUNCTION acl_user_roles ( _acl_id int53, _user_id int53 ) RETURNS json STABLE AS $$ BEGIN -- root user IF _user_id = ${ constants.rootUserId } THEN RETURN ( SELECT json_agg( role ) FROM ( SELECT acl_role.role FROM acl_role, acl_type, acl WHERE acl_role.enabled AND acl_role.acl_type_id = acl_type.id AND acl_type.id = acl.acl_type_id AND acl.id = _acl_id ORDER BY acl_role.role ASC ) AS roles ); -- non-root user ELSE RETURN ( SELECT json_agg( role ) FROM ( SELECT acl_role.role FROM acl_user_role, acl_role WHERE acl_user_role.acl_id = _acl_id AND acl_user_role.user_id = _user_id AND acl_user_role.acl_role_id = acl_role.id AND acl_role.enabled ORDER BY acl_role.role ASC ) AS roles ); END IF; END; $$ LANGUAGE plpgsql; CREATE FUNCTION acl_user_permissions ( _acl_id int53, _user_id int53 ) RETURNS json STABLE AS $$ BEGIN RETURN ( SELECT json_agg( permission ) FROM _get_acl_user_permissions( _acl_id, _user_id ) ); END; $$ LANGUAGE plpgsql; CREATE FUNCTION acl_has_user ( _acl_id int53, _user_id int53 ) RETURNS boolean STABLE AS $$ BEGIN IF _user_id = ${ constants.rootUserId } THEN RETURN EXISTS ( SELECT FROM acl WHERE id = _acl_id ); ELSE RETURN EXISTS ( SELECT FROM acl_user WHERE acl_id = _acl_id AND user_id = _user_id AND enabled ); END IF; END; $$ LANGUAGE plpgsql; CREATE FUNCTION acl_user_editable ( _acl_id int53, _acl_user_id int53, _parent_user_id int53 ) RETURNS boolean STABLE AS $$ BEGIN IF _parent_user_id = ${ constants.rootUserId } THEN RETURN TRUE; ELSIF _acl_user_id = _parent_user_id THEN RETURN FALSE; ELSE RETURN NOT EXISTS ( WITH acl_user_permissions AS ( SELECT permission FROM _get_acl_user_permissions( _acl_id, _acl_user_id ) ) SELECT FROM acl_user_permissions WHERE permission NOT IN ( SELECT permission FROM _get_acl_user_permissions( _acl_id, _parent_user_id ) ) ); END IF; END; $$ LANGUAGE plpgsql; CREATE FUNCTION _get_acl_user_permissions ( _acl_id int53, _user_id int53 ) RETURNS TABLE ( permission text ) STABLE AS $$ BEGIN -- root user IF _user_id = ${ constants.rootUserId } THEN RETURN QUERY SELECT DISTINCT acl_permission.permission FROM acl_permission, acl_role, acl_type, acl WHERE acl_permission.acl_role_id = acl_role.id AND acl_role.enabled AND acl_role.acl_type_id = acl_type.id AND acl_type.id = acl.acl_type_id AND acl.id = _acl_id ORDER BY acl_permission.permission ASC; -- non-root user ELSE RETURN QUERY SELECT DISTINCT acl_permission.permission FROM acl_permission, acl_role, acl_type, acl_user_role, acl_user WHERE acl_permission.acl_role_id = acl_role.id AND acl_role.enabled AND acl_type.id = acl_role.acl_type_id AND acl_type.enabled AND acl_user_role.acl_role_id = acl_role.id AND acl_user.acl_id = acl_user_role.acl_id AND acl_user.user_id = acl_user_role.user_id AND acl_user.acl_id = _acl_id AND acl_user.user_id = _user_id AND acl_user.enabled ORDER BY acl_permission.permission ASC; END IF; END; $$ LANGUAGE plpgsql; -- acl/update, acl/delete CREATE FUNCTION acl_user_after_update_or_delete_trigger () RETURNS TRIGGER AS $$ BEGIN -- deleted IF ( TG_OP = 'DELETE' ) THEN PERFORM pg_notify( 'acl/delete', json_build_object( 'acl_id', OLD.acl_id, 'user_id', OLD.user_id )::text ); -- updated ELSIF ( TG_OP = 'UPDATE' ) THEN PERFORM pg_notify( 'acl/update', json_build_object( 'acl_id', NEW.acl_id, 'user_id', NEW.user_id, 'enabled', NEW.enabled )::text ); END IF; RETURN NULL; END; $$ LANGUAGE plpgsql; CREATE TRIGGER acl_user_after_update_or_delete AFTER UPDATE OR DELETE ON acl_user FOR EACH ROW EXECUTE FUNCTION acl_user_after_update_or_delete_trigger(); CREATE FUNCTION acl_user_role_after_insert_trigger() RETURNS TRIGGER AS $$ DECLARE row record; BEGIN FOR row IN SELECT acl_id, user_id FROM new_table GROUP BY acl_id, user_id LOOP PERFORM pg_notify( 'acl/delete', json_build_object( 'acl_id', row.acl_id, 'user_id', row.user_id )::text ); END LOOP; RETURN NULL; END; $$ LANGUAGE plpgsql; CREATE TRIGGER acl_user_role_after_insert AFTER INSERT ON acl_user_role REFERENCING NEW TABLE AS new_table FOR EACH STATEMENT EXECUTE FUNCTION acl_user_role_after_insert_trigger(); CREATE FUNCTION acl_user_role_after_delete_trigger() RETURNS TRIGGER AS $$ DECLARE row record; BEGIN FOR row IN SELECT acl_id, user_id FROM old_table GROUP BY acl_id, user_id LOOP -- acl user was not removed IF EXISTS ( SELECT FROM acl_user WHERE acl_user.acl_id = row.acl_id AND acl_user.user_id = row.user_id ) THEN PERFORM pg_notify( 'acl/delete', json_build_object( 'acl_id', row.acl_id, 'user_id', row.user_id )::text ); END IF; END LOOP; RETURN NULL; END; $$ LANGUAGE plpgsql; CREATE TRIGGER acl_user_role_after_delete AFTER DELETE ON acl_user_role REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION acl_user_role_after_delete_trigger(); `;